Key components:
- VPC with private and public subnet
t0rn-collator
in private subnet and NatGW in public- ASG with min, max instances set to 1 for
t0rn-collator
- Configuration with
userdata
The atmos
CLI is a universal tool for DevOps and cloud automation. It allows
deploying and destroying Terraform and helmfile components, as well as running workflows to bootstrap or teardown all
resources in an account.
atmos
includes workflows for dealing with:
- Provision large, multi-accountTerraform environments
- Deploy helm charts to Kubernetes clusters with helmfile
- Execute helm commands on Kubernetes clusters
- Executing kubectl commands on Kubernetes clusters
It's a very good and versitile tool.
Note: More documentation
- macosx
brew install atmos
- linux
For more options go to docs
components
provide generic modules that can be used in stacksstacks
provision certain functionalityworkflows
can arrange stacks and deploy application that consists of multiple stacks or even whole infrastructure
Note: More documentation
Workflow t0rn.yaml
will provision two components that are essentials of this work, vpn
and t0rn-collator
.
atmos workflow -f t0rn.yaml plan
If plan looks good (obviously planning t0rn-collator
will fail without VPC) then:
atmos workflow -f t0rn.yaml apply
When the time comes:
atmos workflow -f t0rn.yaml destroy
atmos
makes IaC DRY and very easy to manage and extendterraform state
is local to not introduce additional complexityt0rn-collator
image was rebuilt to mitigate issues with entrypoint and libssl library (https://hub.docker.com/repository/docker/3h4xx/t0rn-collator)t0rn-collator
image is ran directly by docker with restart policy, restart policy is not fool proof, it's possible it can fail to restart container under certain circumstances (but I have tested most common case of server restart and container is running fine afterwards)t0rn-collator
is deployed in private network with empty SGingress
, outbound taffic goes via NatGWeu-central-1
was picked as deployment region close to other nodes, which should provide lower latency in synct3a-medium
is an arbitrary choice which is just to limit costs of development
- AWS multi account where each environment has it's own account
- VPC Flow logs enabled
- deployment should be in multiple subnets within AZs (not done due to cost of NATGW), otherwise it's not fault tolerant
- container orchestration should be done
- monitoring should be added as collator have prometheus exporter binded
- each provisioned t0rn-collator is starting blockchain synchronization from scratch, this can be improved by using baked AMI
- CICD for validation, linting and deployment